CISCO SYSTEMS, INC.

CISCO SYSTEMS, INC. Patent applications

Patent application number

Title

Published

20150071283

HARDWARE IMPLEMENTED ETHERNET MULTIPLE TUPLE FILTER SYSTEM AND METHOD - A filter in a DOCSIS bridge performs IP Filtering of incoming Ethernet packets in hardware. The filter includes a parser circuit which, in hardware, parses each of the incoming Ethernet packets and then utilizes the parsed information in combination with a content-addressable memory (CAM) that stores filtering information, to filter and route the incoming Ethernet packets. Detailed statistical data may also be generated to provide information on the type of filtering being performed by the DOCSIS bridge.

METHOD AND APPARATUS FOR ADAPTIVE POWER CONTROL IN A MULTI-LANE COMMUNICATION CHANNEL - An apparatus consisting of a digital communication channel comprised of a multiplicity of lanes where data is striped across the lanes in a predefined sequence. Each lane has the ability to be powered down or powered up in response to the amount of data being held in a transmit buffer at one end of the communication channel. The method consists of monitoring the amount of data being held in the transmit buffer; making the decision of how many lanes are required based on the amount of data; sending signals to cause the required number of lanes to be powered down or powered up; and performing the required power down or power up action at the particular transmitter and receiver. The fill level of the transmit buffer is continually monitored and the required number of active lanes and the striping sequence is calculated and updated as required as a function of the fill level, where a larger amount of data waiting to be transmitted will result in a greater number of lanes being powered up and a smaller amount of data waiting to be transmitted will result in a lesser number of lanes being powered up.

03-15-2012

20100246407

RUNTIME FLOW DEBUGGING A NETWORK DEVICE BY EXAMINING PACKET COUNTERS AT INTERNAL POINTS - In one embodiment, the internal path traversed by packets between two user-visible interfaces, selected by a user, is displayed. The path displayed includes internal interfaces traversed by the packets. First and second count values showing the packets traversing each displayed internal interface at the beginning and end of a selected time period are also displayed. A delta, being the difference between the first and second count values for each internal interface, indicates the number of packets traversing the interface during the time period and can be analyzed to determine the identity of a packet processing hardware logic block where packets might be getting dropped.

09-30-2010

20100246406

ROUTE CONVERGENCE BASED ON ETHERNET OPERATIONS, ADMINISTRATION, AND MAINTENANCE PROTOCOL - In an example embodiment, a method of route convergence is provided. In this method, a loss of connectivity is detected along a communication route by way of an Ethernet Operations, Administration, and Maintenance (OAM) protocol. Examples of Ethernet OAM protocols include Connectivity Fault Management protocol and Ethernet Local Management Interface protocol. Thereafter, a data link layer identifier associated with the communication route is identified and this data link layer identifier is mapped to a network layer address. Convergence on an alternate communication route can then be based on the mapped network layer address.

09-30-2010

20100158041

MULTI-SPEED STACK INTERFACE - Various embodiments provide an apparatus and method for configuring a shared data rate in a stackable interface network. An example embodiment includes detecting a data cable identifier, the data cable identifier being indicative of a first data rate capacity associated with a data cable identified by the data cable identifier; propagating information indicative of the first data rate capacity to at least one of a plurality of network devices connected via stackable network interfaces; receiving information indicative of a second data rate capacity from at least one of the plurality of network devices; determining an appropriate shared data rate from the information indicative of the first data rate capacity and the information indicative of the second data rate capacity; and configuring at least one of the plurality of network devices to communicate via a stackable network interface at the shared data rate.

06-24-2010

20100114389

DISTRIBUTING POWER TO NETWORKED DEVICES - A method and an apparatus to distribute power to a networked apparatus are provided. The apparatus may comprise a communication module to receive sensor data via a communication network connected to a plurality of sensors operatively located within a building. The plurality of sensors may be to provide sensor data identifying a presence of one or more persons in the building. The apparatus includes a policy engine including a plurality of rules, each rule associated with at least one powered device located within the building. A power control module is configured to adjust power supplied to the at least one powered device based on the rule. Power to the powered devices may be provided over a power over Ethernet network.

05-06-2010

20090296647

Method and System for Dynamically Assigning Channels Across Multiple Radios in a Wireless LAN - In a fixed channel wireless network system with a limited number of channels, assignment of the fixed channels between remote client elements and access elements is made systematically according to a set of criteria accounting for network loading and interference, then channel assignments are dynamically updated according to a priority to maintain optimal network performance with changing conditions of load and interference. The channel utilization problem is addressed at a system level rather than at a local level by treating the system as a three-dimensional color mapping problem. All noise is treated as having a source in virtual access elements with an appropriate performance metric. The performance metric is used to select a channel set that minimizes chances of interference and maximizes user performance. Specifically, there are several parameter matrices which are managed and updated by a central resource management element, namely signal strength between elements, interference, and load. These matrices are used to find the optimal channel assignments for a predetermined limited set of assignable channels. In one implementation, the channel assignment methodology takes into account the interference associated with access elements operating on a selected channel, as well as the interference or energy that spills over (or is otherwise observable) on physical channels adjacent to the selected channel.

12-03-2009

20090271864

Containment of Rogue Systems in Wireless Network Environments - Methods, apparatuses and systems facilitating containment of the effects of rogue or unauthorized access points on wireless computer network environments. Embodiments of the present invention support one to a plurality of rogue containment methodologies. A first rogue containment type involves identification of the physical connection of the rogue access point to the wired network infrastructure and, thus, allows for disabling of that physical connection to contain the rogue access point. Other rogue containment methods involve wireless techniques for containing the effect of rogue access points. As discussed below, the rogue containment functionality described herein can be applied to a wide variety of wireless network system architectures.

10-29-2009

20090172805

Wireless Network Security Mechanism Including Reverse Network Address Translation - Methods, apparatuses and systems directed to preventing unauthorized access to internal network addresses transmitted across wireless networks. According to the invention, mobile stations are assigned virtual client network addresses that are used as the outer network addresses in a Virtual Private Network (VPN) infrastructure, as well as unique internal network addresses used as the inner network addresses. In one implementation, the virtual client network addresses have little to no relation to the internal network addressing scheme implemented on the network domain. In one implementation, all clients or mobile stations are assigned the same virtual client network address. A translation layer, in one implementation, intermediates the VPN session between the mobile stations and a VPN server to translate the virtual client network addresses to the internal network addresses based on the medium access control (MAC) address corresponding to the mobile stations. In this manner, the encryption inherent in the VPN infrastructure prevents access to the internal network addresses assigned to the mobile stations.

07-02-2009

20090158042

Managed Access Point Protocol - Methods, apparatuses and systems facilitating deployment and configuration of managed access points in hierarchical wireless network systems. An embodiment of the invention facilitates deployment and configuration of conventional, substantially autonomous access points operating in connection with a central management node, such as a server or appliance. In another embodiment, the present invention facilitates deployment and configuration of light-weight access points in a hierarchical wireless network system. In one embodiment, the present invention also provides a streamlined encryption key exchange protocol adapted to hierarchical wireless network system architectures.

06-18-2009

20090157901

SYSTEM AND METHOD FOR USING ROUTING PROTOCOL EXTENSIONS FOR IMPROVING SPOKE TO SPOKE COMMUNICATION IN A COMPUTER NETWORK - Systems and methods for using routing protocol extensions to improve spoke to spoke communication in a computer network are disclosed. Embodiments provide systems and methods to establish a tunnel between a first spoke and a hub, exchange routing information between the first spoke and the hub using a routing protocol, extend the routing protocol and an associated database to include next hop mapping information, and establish a tunnel between the first spoke and a second spoke according to information in the database.

06-18-2009

20090141657

FIBRE CHANNEL SWITCH THAT ENABLES END DEVICES IN DIFFERENT FABRICS TO COMMUNICATE WITH ONE ANOTHER WHILE RETAINING THEIR UNIQUE FIBRE CHANNEL DOMAIN_IDs - A Fibre Channel Switch which enables end devices in different Fabrics to communicate with one another while retaining their unique Fibre Channel Domain_IDs. The Switch is coupled to a first fabric having a first set of end devices and a second fabric having a second set of end devices. The Switch is configured to enable communication by the first set of end devices associated with the first fabric with the second set of end devices associated with the second set of end devices using the unique Domain_IDs of each of the first set and the second set of end devices. In one embodiment of the invention, the first and second fabrics are first and second Virtual Storage Array Networks (VSANs) respectively. In an alternative embodiment, the first fabric and the second fabric are separate physical fabrics.

06-04-2009

20090092113

Graphical Display of Status Information in a Wireless Network Management System - Methods, apparatuses and systems directed to, or facilitating, the graphical display of status information in wireless network management systems. In one implementation, the present invention provides a graphical user interface that allows a network administrator to readily ascertain the overall status of a wireless network, and quickly identify the network element(s) within the network that are associated with any potential problem or condition. In another implementation, the present invention provides a graphical user interface that provides status icons that efficiently convey status information for corresponding access points. In another implementation, the present invention provides a hierarchical network model that facilitates network data management, configuration and display tasks associated with wireless network management systems.

04-09-2009

20080285530

Wireless Node Location Mechanism Featuring Definition of Search Region to Optimize Location Computation - A wireless node location mechanism that defines a search region to optimize the computations associated with estimating the location of a given wireless node. According to one implementation, a coverage map associated with each radio receiver that records signal strength data is defined out to a threshold signal strength level. Before computing the estimated location of a given wireless node, a search region is defined based on the intersection of the coverage maps associated with each radio receiver that detects the wireless node. Some implementations use information provided by the fact that certain radio receivers did not detect the wireless node to further optimize the location estimate. By defining a search region, which is a generally small area relative to the space encompassed by an entire RF environment, the present invention provides several advantages, such as reducing the processing time and/or power to compute estimated locations for wireless nodes.

11-20-2008

20080247331

Method and Apparatus for High Resolution Passive Network Latency Measurement - A method includes receiving a first capture time corresponding to a first time that a data packet is received at a first probe and a second capture time corresponding to a second time that the data packet is received at a second probe. The data packet is from existing network traffic transmitted over a data network. The first and second probes can be configured to capture the data packet in response to a capture instruction. The first capture time and second capture time are different and are used to calculate the latency of at least a portion of a data network.

10-09-2008

20080209537

Self-Initiated End-to-End Monitoring of an Authentication Gateway - An example embodiment of the present invention provides processes relating to self-initiated end-to-end monitoring for an authentication gateway. In one particular implementation, the authentication gateway periodically creates and stores a temporary logon for access to a network and then sends a message including the temporary logon over a secure connection to a client. When the client receives the temporary logon, the client responds to the message by attempting to access a configurable network site. The authentication gateway redirects the client to a captive portal which prompts the client for a logon and the client enters the temporary logon at the captive portal. Then upon validating the temporary logon against the stored temporary logon, the authentication gateway authorizes access to the network. If the client successfully accesses the site, the client sends a verification report to the authentication gateway indicating successful access. Otherwise, the client reports on the failed access.